Implented feedback from @jhart-r7

Author: firefart

lib/msf/http/wordpress.rb

@@ -1,4 +1,3 @@
-# encoding: UTF-8
 # -*- coding: binary -*-
 
 # This module provides a way of interacting with wordpress installations

lib/msf/http/wordpress/base.rb

@@ -1,4 +1,3 @@
-# encoding: UTF-8
 # -*- coding: binary -*-
 
 module Msf::HTTP::Wordpress::Base
@@ -10,16 +9,15 @@ def wordpress_and_online?
         'method' => 'GET',
         'uri' => normalize_uri(target_uri.path)
     )
-    return res if res &&
-        res.code == 200 &&
-        (
-          res.body =~ /["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i ||
-          res.body =~ /<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i ||
-          res.body =~ /<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
-        )
+    wordpress_detect_regexes = [
+      /["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i,
+      /<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i,
+      /<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
+    ]
+    return res if res && res.code == 200 && res.body && wordpress_detect_regexes.any? { |r| res.body =~ r }
     return nil
-  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-    print_error("#{peer} - Error connecting to #{target_uri}")
+  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
+    print_error("#{peer} - Error connecting to #{target_uri}: #{e}")
     return nil
   end
 end

lib/msf/http/wordpress/helpers.rb

@@ -49,7 +49,7 @@ def wordpress_helper_post_comment(comment, comment_post_id, login_cookie, author
     options.merge!({'vars_post' => vars_post})
     options.merge!({'cookie' => login_cookie}) if login_cookie
     res = send_request_cgi(options)
-    if res and (res.code == 301 or res.code == 302) and res.headers['Location']
+    if res and res.redirect? and res.redirection
       return wordpress_helper_parse_location_header(res)
     else
       message = "#{peer} - Post comment failed."
@@ -101,7 +101,7 @@ def wordpress_helper_check_post_id(uri, comments_enabled=false, login_cookie=nil
       else
         return res.body
       end
-    elsif res and (res.code == 301 or res.code == 302) and res.headers['Location']
+    elsif res && res.redirect? && res.redirection
       path = wordpress_helper_parse_location_header(res)
       return wordpress_helper_check_post_id(path, comments_enabled, login_cookie)
     end
@@ -113,9 +113,9 @@ def wordpress_helper_check_post_id(uri, comments_enabled=false, login_cookie=nil
   # @param res [Rex::Proto::Http::Response] The HTTP response
   # @return [String,nil] the path and query, nil on error
   def wordpress_helper_parse_location_header(res)
-    return nil unless res and (res.code == 301 or res.code == 302) and res.headers['Location']
+    return nil unless res && res.redirect? && res.redirection
 
-    location = res.headers['Location']
+    location = res.redirection
     path_from_uri(location)
   end
 

lib/msf/http/wordpress/login.rb

@@ -1,4 +1,3 @@
-# encoding: UTF-8
 # -*- coding: binary -*-
 
 module Msf::HTTP::Wordpress::Login
@@ -15,7 +14,7 @@ def wordpress_login(user, pass)
         'vars_post' => wordpress_helper_login_post_data(user, pass, redirect)
     )
 
-    if res && (res.code == 301 || res.code == 302) && res.headers['Location'] == redirect
+    if res && res.redirect? && res.redirection == redirect
       cookies = res.get_cookies
       # Check if a valid wordpress cookie is returned
       return cookies if

lib/msf/http/wordpress/posts.rb

@@ -112,7 +112,7 @@ def wordpress_get_all_blog_posts_via_feed(max_redirects = 10)
       count = max_redirects
 
       # Follow redirects
-      while (res.code == 301 || res.code == 302) and res.headers['Location'] and count != 0
+      while res.redirect? && res.redirection && count != 0
         path = wordpress_helper_parse_location_header(res)
         return nil unless path
 

lib/msf/http/wordpress/users.rb

@@ -33,7 +33,7 @@ def wordpress_userid_exists?(user_id)
         'uri' => url
     })
 
-    if res and res.code == 301
+    if res and res.redirect?
       uri = wordpress_helper_parse_location_header(res)
       return nil unless uri
       # try to extract username from location

lib/msf/http/wordpress/version.rb

@@ -1,4 +1,3 @@
-# encoding: UTF-8
 # -*- coding: binary -*-
 
 module Msf::HTTP::Wordpress::Version
@@ -88,7 +87,7 @@ def check_version_from_readme(type, name, fixed_version, vuln_introduced_version
     when :theme
       folder = 'themes'
     else
-      fail("Unknown type #{type}")
+      fail("Unknown readme type #{type}")
     end
 
     readme_url = normalize_uri(target_uri.path, wp_content_dir, folder, name, 'readme.txt')
@@ -121,7 +120,6 @@ def check_version_from_readme(type, name, fixed_version, vuln_introduced_version
         # Not in range, nut vulnerable
         return Msf::Exploit::CheckCode::Safe
       end
-      return
     # version newer than fixed version
     else
       return Msf::Exploit::CheckCode::Safe

modules/exploits/unix/webapp/wp_wptouch_file_upload.rb

@@ -1,5 +1,3 @@
-# encoding: UTF-8
-
 ##
 # This module requires Metasploit: http//metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
@@ -72,8 +70,8 @@ def get_nonce(cookie)
     )
 
     # forward to profile.php or other page?
-    if res && res.code.to_s =~ /30[0-9]/ && res.headers['Location']
-      location = res.headers['Location']
+    if res && res.redirect? && res.redirection
+      location = res.redirection
       print_status("#{peer} - Following redirect to #{location}")
       res = send_request_cgi(
         'uri'    => location,

modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb

@@ -1,5 +1,3 @@
-# encoding: UTF-8
-
 ##
 # This module requires Metasploit: http//metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework